<?php
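/**
 * Session-backed user account: authentication state for the current request
 * plus CRUD helpers for the `user` table.
 *
 * Every value that reaches a SQL string is either cast to int (unquoted
 * numeric context) or passed through $this->db->escape() (quoted context).
 *
 * NOTE(review): login() compares the `password` column with the submitted
 * value directly and userinsert()/updateuser() store the POSTed value as-is,
 * so credentials are kept unhashed. Moving to password_hash() /
 * password_verify() needs a data migration and is not done here.
 */
final class User
{
    private $user_id;
    private $username;
    private $accesslevel;
    private $departmentid;

    // Declared explicitly: the constructor assigns both, and undeclared
    // (dynamic) properties are deprecated as of PHP 8.2.
    private $db;
    private $session;

    /**
     * Restores the logged-in user from the session, if one is recorded and
     * the account is still active.
     *
     * @param object $registry Service container exposing get('db') and get('session').
     */
    public function __construct($registry)
    {
        $this->db = $registry->get('db');
        $this->session = $registry->get('session');

        if (isset($this->session->data['user_id'])) {
            // The id is used unquoted, so escaping alone would not contain it;
            // force it to an integer before it reaches the query.
            $sessionUserId = (int) $this->session->data['user_id'];
            $sql = "select * from user where user_id=" . $sessionUserId . " and active_yn='Y'";
            $result = $this->db->query($sql);
            if ($result->num_rows) {
                $this->hydrate($result->row);
            }
        }
    }

    /**
     * Checks the credentials against active accounts and, on a match, records
     * the user id in the session.
     *
     * NOTE(review): the session identifier is not regenerated on success;
     * consider session_regenerate_id(true) here to prevent session fixation.
     *
     * @param string $username
     * @param string $password
     * @return bool True when a matching active account was found.
     */
    public function login($username, $password)
    {
        $query = "select * from user where username='" . $this->db->escape($username)
            . "' and password='" . $this->db->escape($password) . "' and active_yn='Y'";
        $result = $this->db->query($query);

        if (!$result->num_rows) {
            return false;
        }

        $this->session->data['user_id'] = $result->row['user_id'];
        $this->hydrate($result->row);

        return true;
    }

    /**
     * Clears the session entry and every cached account field, then destroys
     * the PHP session.
     */
    public function logout()
    {
        unset($this->session->data['user_id']);
        $this->user_id = '';
        $this->username = '';
        // Also drop the privilege fields so getAccessLevel()/getDepartmentId()
        // cannot report the previous user's rights after logout.
        $this->accesslevel = '';
        $this->departmentid = '';
        session_destroy();
    }

    /**
     * Inserts a user row from the POSTed fname/lname/uname/pword/active fields.
     *
     * This method performs no authorization check; the caller must do so.
     *
     * @return mixed The id reported by the database layer for the new row.
     */
    public function userinsert()
    {
        $sql = "insert into user(firstname,lastname,username,password,created_date,active_yn) values("
            . "'{$this->postField('fname')}','{$this->postField('lname')}',"
            . "'{$this->postField('uname')}','{$this->postField('pword')}',NOW(),'{$this->postField('active')}')";
        $this->db->query($sql);

        return $this->db->getLastId();
    }

    /**
     * Deletes the row with the given user id.
     *
     * This method performs no authorization check; the caller must do so.
     *
     * @param int|string $userid
     */
    public function deleteuser($userid)
    {
        $sql = "delete from user where user_id='{$this->escapeValue($userid)}'";
        $this->db->query($sql);
    }

    /**
     * Returns every row of the user table.
     *
     * NOTE(review): `select *` also returns the password column to the caller.
     *
     * @return mixed Result object from the database layer.
     */
    public function loaduser()
    {
        $sql = "select * from user";

        return $this->db->query($sql);
    }

    /**
     * Returns the editable fields of one user.
     *
     * NOTE(review): the selected columns include `password`.
     *
     * @param int|string $userid
     * @return mixed Result object from the database layer.
     */
    public function getuserdetailsbyuserid($userid)
    {
        $sql = "select user_id,firstname,lastname,username,password,active_yn from user"
            . " where user_id='{$this->escapeValue($userid)}'";

        return $this->db->query($sql);
    }

    /**
     * Updates a user row from the POSTed fname/lname/uname/pword/active fields,
     * keyed by the POSTed userid.
     *
     * This method performs no authorization check; the caller must do so.
     */
    public function updateuser()
    {
        // username/password come from uname/pword, the same fields
        // userinsert() reads; they were previously both filled from fname.
        $sql = "update user set firstname='{$this->postField('fname')}',lastname='{$this->postField('lname')}',"
            . "username='{$this->postField('uname')}',password='{$this->postField('pword')}',"
            . "active_yn='{$this->postField('active')}'"
            . " where user_id='{$this->postField('userid')}'";
        $this->db->query($sql);
    }

    /**
     * Updates department, designation and access level from the POSTed
     * deptid/designation/level fields, keyed by the POSTed userid.
     *
     * This changes privileges and performs no authorization check itself;
     * the caller must verify the current user may do so.
     */
    public function updatepriviledge()
    {
        $sql = "update user set department_id='{$this->postField('deptid')}',"
            . "designation='{$this->postField('designation')}',"
            . "access_level='{$this->postField('level')}' where user_id='{$this->postField('userid')}'";
        $this->db->query($sql);
    }

    /**
     * @return mixed The cached user id; falsy when nobody is logged in.
     */
    public function isLogged()
    {
        return $this->user_id;
    }

    /**
     * @return mixed The cached user id.
     */
    public function getId()
    {
        return $this->user_id;
    }

    /**
     * @return mixed The cached username (despite the method name, not the first name).
     */
    public function getFirstName()
    {
        return $this->username;
    }

    /**
     * @return mixed The cached access_level column value.
     */
    public function getAccessLevel()
    {
        return $this->accesslevel;
    }

    /**
     * @return mixed The cached department_id column value.
     */
    public function getDepartmentId()
    {
        return $this->departmentid;
    }

    /**
     * Counts the rows whose username equals the given value.
     *
     * @param string $uname
     * @return int Number of matching rows.
     */
    public function CheckUserExist($uname)
    {
        $sql = "select * from user where username='" . $this->escapeValue($uname) . "'";
        $res = $this->db->query($sql);

        return $res->num_rows;
    }

    /** Copies the account columns of a fetched row into the cached fields. */
    private function hydrate($row)
    {
        $this->user_id = $row['user_id'];
        $this->username = $row['username'];
        $this->accesslevel = $row['access_level'];
        $this->departmentid = $row['department_id'];
    }

    /** Escapes a caller-supplied value for a quoted SQL literal; non-scalars become ''. */
    private function escapeValue($value)
    {
        return $this->db->escape(is_scalar($value) ? (string) $value : '');
    }

    /** Escaped value of a POST field; missing or array-valued fields become ''. */
    private function postField(string $key)
    {
        return $this->escapeValue($_POST[$key] ?? '');
    }
}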
?>